package com.raising.framework.filter.realm;


import com.raising.modules.sys.entity.User;
import com.raising.modules.sys.service.UserService;
import com.raising.utils.PasswordUtils;
import com.raising.utils.UserUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import javax.annotation.PostConstruct;

/**
 * 用户权限认证
 * 
 * @author gaoy
 */
public class MyUserRealm extends AuthorizingRealm {

	@Autowired
	private UserService userService;

	/**
	 * 授权 每次点击都会进行验证
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(
			PrincipalCollection principals) {
		SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
		User user = UserUtils.getLoginUser();
		authorizationInfo.setRoles(userService.findRoles(user.getRoleIds()));
		authorizationInfo.setStringPermissions(userService
				.findPermissions(user.getRoleIds()));
		return authorizationInfo;
	}

	/**
	 * 登录认证 登录时验证
	 * @author gaoy
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken authcToken) throws AuthenticationException {
		MyUsernamePasswordToken token = (MyUsernamePasswordToken) authcToken;  
		String username = (String) token.getPrincipal();
		User user = userService.selectUserInfoByUserName(username);
		if (user == null) {
			// 没找到帐号
			throw new UnknownAccountException();
		}
		if (Boolean.TRUE.equals(user.getLocked())) {
			// 帐号锁定
			throw new LockedAccountException();
		}
		// 交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配
		SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
				user.getUsername(),
				user.getPassword(),
				ByteSource.Util.bytes(PasswordUtils.PRE + user.getSalt()),
				getName()
		);
		return authenticationInfo;
	}

	/**
	 * 更新用户授权信息缓存
	 * @param principals
	 */
	@Override
	public void clearCachedAuthorizationInfo(PrincipalCollection principals) {
		super.clearCachedAuthorizationInfo(principals);
	}

	@Override
	public void clearCachedAuthenticationInfo(PrincipalCollection principals) {
		super.clearCachedAuthenticationInfo(principals);
	}

	@Override
	public void clearCache(PrincipalCollection principals) {
		super.clearCache(principals);
	}
	
	@PostConstruct  
    public void initCredentialsMatcher() {  
		//该句作用是重写shiro的密码验证，让shiro用我自己的验证  
        setCredentialsMatcher(new MyCredentialsMatcher());  
    }

//	/**
//	 * 自定义Authentication对象，使得Subject除了携带用户的登录名外还可以携带更多信息.
//	 */
//	public class ShiroUser implements Serializable {
//		private String userTypeCd;
//		private static final long serialVersionUID = 7240137316895366700L;
//
//		public String getUserTypeCd() {
//			return userTypeCd;
//		}
//
//		public void setUserTypeCd(String userTypeCd) {
//			this.userTypeCd = userTypeCd;
//		}
//	}

}
